Revision as of 10:58, 2 February 2009

Wapiti allows to audit the security of web applications in an easy way. It performs a "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable. It has two principal parts, a crawler that explores the pages of the application and the attack module that injects the payloads and evaluates their responses. Wapiti is easy to use and it can detect the most common vulnerabilities (XSS, SQL Injection, File Handler Errors...). It provides to the user a complete report (html format) with the found vulnerabilities.